mathod/crossplane
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
49f0002fc6db340f6f828c520f7e943ddc9c087d
crossplane/providers/provider-family-aws/resources/objects/organization/scp-restrict-regions.yaml
Mathod 49f0002fc6 * scheme update
2025-11-26 06:47:28 +01:00

42 lines
1.1 KiB
YAML
Raw Blame History

apiVersion: organizations.aws.m.upbound.io/v1beta1
kind: Policy
metadata:
name: deny-non-approved-regions
namespace: aws-organization
labels:
policy-type: scp
purpose: compliance
spec:
forProvider:
name: DenyNonApprovedRegions
description: Only allow specific AWS regions for compliance
type: SERVICE_CONTROL_POLICY
content: |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyNonApprovedRegions",
"Effect": "Deny",
"Action": "*",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": [
"eu-west-1",
"us-east-1",
"us-west-2"
]
},
"ArnNotLike": {
"aws:PrincipalArn": [
"arn:aws:iam::*:role/OrganizationAccountAccessRole",
"arn:aws:iam::*:role/Admin*"
]
}
}
}
]
}
providerConfigRef:
name: org-config
Reference in New Issue View Git Blame Copy Permalink